■ Health IT systems were retested after complaints and found ineligible to meet requirements despite previous approval. What’s a medical practice to do?

For the first time since the meaningful use EHR certification program came into effect in 2011, the Dept. of Health and Human Services Office of the National Coordinator for Health Information Technology has revoked the certification previously granted to two electronic health record systems.

Although it’s not clear what will come of the efforts users of those systems have made toward meaningful use, the ONC has emphasized that oversight of EHR systems doesn’t end with certification. Therefore, it’s possible — albeit somewhat unlikely — that a physician could qualify for meaningful use then later have his or her system deemed ineligible for the program. Experts say doctors should take steps to protect themselves, including doing due diligence when shopping and including provisions in vendor contracts about the company’s responsibilities in case of decertification.

In April, the ONC said it was notified that the inpatient and outpatient versions of EHRMagic’s EHR systems were incapable of performing certain functions required for meaningful use. The ONC joined InfoGard, the ONC-sanctioned certifying body that initially issued certification to both EHRMagic’s systems, to investigate the claims, then decided to conduct retesting. Both systems failed subsequent testing.

“We and our certification bodies take complaints and our follow-up seriously,” said Farzad Mostashari, MD, the national coordinator for health IT, in a statement. “By revoking the certification of these EHR products, we are making sure that certified electronic health record products meet the requirements to protect patients and providers.”

Although these were the first systems to have their certification revoked, they were not the first systems to undergo additional testing after initial certification.

Carol Bean, director of the ONC’s Office of Certification and Testing, said in a April 25 blog post that as part of their duties, all certifying bodies are required to conduct surveillance activities. These include proactive surveillance, such as random audits of systems, and reactive surveillance, which is triggered by complaints.

“We want to be clear: The Office of Certification’s role doesn’t stop after EHR certification,” she wrote. “We are also going to monitor certified EHRs to determine whether they continue to meet our requirements.”

Under the meaningful use incentive program, physicians can earn up to $44,000 in Medicare incentives or nearly $64,000 from Medicaid over a consecutive five- (Medicare) or six-year (Medicaid) period. No one attested to meaningful use using an EHRMagic system, according to the ONC. But if a physician attempted to qualify for the Medicare program in 2012 and found the system unable to meet the criteria, they lost out on $5,000, because they missed the first of five payments that go through 2016.

Promise of no-cost system

Richard Gant, CEO of Innovative Healthcare Systems, a medical device marketer in Royal Palm Beach, Fla., said he became acquainted with EHRMagic in 2011. He had never taken on EHR vendors as clients before, but he liked the business model EHRMagic was offering. The company was letting physicians use its cloud-based system at no initial cost, but with a promise of payment when their clients’ meaningful use incentive checks arrived. About three of Gant’s clients agreed to work with EHRMagic, but he said problems with the system and the company’s business practices arose immediately. His clients scrapped plans to implement EHRMagic, and he discontinued his relationship with the vendor.

EHRMagic did not respond to a request for an interview.

The ONC did not offer details on what issues caused the EHRMagic systems to lose certification. It has no plans to assist practices affected by the certification revocation, saying it doesn’t know how many people are using the system or who they are. ONC spokesman Peter Ashkenaz directed questions about the attestation process and possible extensions to the deadlines to a CMS spokeswoman, who did not respond to requests for an interview.

Mark Shin, chief operating officer of InfoGard, said that because EHRMagic is a client, he must respect confidentiality agreements and not discuss the problems that led to the decertification. “But what we can say is that the reason for revoking EHRMagic’s certificates has nothing to do with what InfoGard did, or our procedures.”

How practices can protect themselves

Meaningful use certification includes many assurances that an EHR system will do what a practice needs it to do. But it stops short of offering full assurances, because it doesn’t take into consideration the experiences of those using the system — or if anyone is using it at all, said Alisa Ray, executive director and CEO of the Certification Commission for Health Information Technology. Like InfoGard, CCHIT is an ONC-sanctioned certifying body, but it was not involved with the certification of EHRMagic.

When shopping for a system, Ray said, practices need to go beyond checking for certification. Physicians should look for peers using the system and talk to them about their user experience as well as their history with the vendor’s responsiveness and customer service.

A large market share doesn’t mean a system is right for every practice. But if a doctor has narrowed his or her choices to one system, knowing that many existing clients already met the meaningful use requirements successfully using that system could be considered a reassuring sign, Ray said. AmericanEHR Partners, of which the American Medical Association is a member, maintains a database of user reviews of EHR systems, which includes attestation numbers.

Shin said the likelihood that a practice’s system will lose certification is not high. But it’s always a good idea to ask the right questions and have the proper contract provisions in place.

Shin said he would suggest that physicians have a “certification maintenance process” in place with their vendors to ensure that the systems remain compliant, especially as the software is updated.

“A lot of folks, when they view maintenance, view it in the perspective of software updates or upgrades, and rightfully so,” Shin said. “You want to make sure you have the latest and greatest version. But you also want to make sure that, as a user, you have certain regulations that you need to be in compliance with as well. So you want to be able to use the application providers as partners.”

Another safeguard is to include a guarantee in the contract that vendors will remain in compliance. Given the recent events, Ray said she would be surprised if vendors refused to add such a stipulation.